Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
309
Views
0
Helpful
1
Replies

2 Servers behind a single nat - not your normal request

sdawson35
Level 1
Level 1

‎12-20-2017 04:07 AM - edited ‎02-21-2020 06:59 AM

So we have 2 servers (domain controllers) that exist in a security zone on an ASA firewall. One is a backup for the other (Only 1 live at any one point in time).

The client can only use a single ip address , so we want to (somehow) sit the 2 domain controllers behind a single natted address and somehow track which server is alive.

 

Is this even possible ?

 

 

Regards

 

Scott.

 

 

Labels:
0 Helpful
1 Reply 1

GioGonza
Level 4
Level 4

‎12-20-2017 06:43 AM

Hello @sdawson35

 

This is not possible, the only way you can do that is to perform a PAT on the ASA but the traffic should always be initiated from the DC and not from the users, if you do the static NAT for 2 IPs it will always take the first one even if the server is down and it wouldn´t use the backup. 

 

HTH

Gio

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card